A Look Inside the Pass-the-PRT Attack

Discover what a Primary Refresh Token is and how cyber-criminals are exploiting it in two different ways to launch Azure Active Directory attacks.

Like an NT hash (AKA NTLM hash) and a Kerberos ticket, a Primary Refresh Token (PRT) can be passed in an attack. Mimikatz author Benjamin Delpy and Dirk-jan Mollema have both released detailed research and code showing how attackers could Pass-the-PRT to perform the lateral movement to the cloud.

Here we take a brief look at what a PRT is and how cyber-criminals could exploit it to launch attacks.

Feeling up-to-date? Take the challenge and complete the fifth edition of the CQURE quiz!

Check if your cyber-skills are still on point by taking the new and fresh CQURE quiz created by Paula J. and the team of experts at CQURE. We’ve set nearly 30 multiple-choice questions for the class of 2020 to sort the cyber-savvy from the geeky newbies.

Ready for the challenge? Take CQURE Quiz 5.0